Air Force Audit Agency
Integrity - Service - Excellence
Fraud Related
Internal Controls
James B. Kojak
Jan 24, 2012
Overview
 Prevalence
of fraud
 Benefits of effective ICs
 Internal control design
 Implementation
 Evaluation of internal controls
 Limitations of internal controls
 Summary
Integrity - Service - Excellence
Qualifications & Experience






CPA, CFE, CIA, CGFM
BA Accounting
MS Public Administration
Master of Military Art and Science
Over 22 years experience
 DLA Internal Review & Accounting
 AFAA since 1992 – Auditor/Audit Manager/Team Chief
Experience
 Financial and Performance Auditing
 Fraud Investigations
 Internal Controls
Integrity - Service - Excellence
Prevalence of Fraud

Fraud is common & increasing







MF Global
Bernie Madoff
Enron, World Com, Tyco, etc.
Wells Fargo, BoA, Citigroup, UBS
Most fraud is not made public
Major disincentives for organizations to
disclose or report fraud
Estimated that hundreds of billions of dollars
are mishandled each year
Integrity - Service - Excellence
Benefits of Effective
Internal Controls
 Ensure
effective operations
 Prevents most, not all fraud – major
exceptions – senior mgmt/collusion
 Adds creditability to the summary
business performance data
 Provides timely, accurate, and reliable
information
 Safeguards assets from waste
 Promotes compliance with the law
Integrity - Service - Excellence
Definitions of Internal
Control
“Internal control is a system, plan of action and philosophy built into
the operating activity of the business to help ensure the actual events
and activities that occur comply with the owner/managers
expectations, intent and goals.” Michael F. Trebesh, Alma College


Integrity - Service - Excellence
Designing Effective ICs
 To
be effective, ICs must ensure:

Physical assets and information are
properly accounted for and
safeguarded
 Financial and operating data is useful,
complete, competent, and timely
 Compliance with federal, state and
local laws and ordinances
Integrity - Service - Excellence
Internal Control Design

Properly designed control systems are
based on six basic principles::
 segregation of duties
 establishment of responsibility and
accountability
 proper documentation of transactions
 physical and mechanical security devices
 independent internal verification
 other controls
Integrity - Service - Excellence
Separation of Duties

Create a system of checks and balances by separating
transactions into parts performed by different persons:

AUTHORIZATION - a qualified individual should have
the responsibility to authorize and approve

RECORDING - one or more qualified employees should
be assigned the responsibility for proper recording of
all authorized transactions

CUSTODY OF ASSETS - the responsibility for custody,
safeguarding and limiting access to franchise assets
should be assigned to an appropriate employee or
employees
Integrity - Service - Excellence
Responsibility and Accountability

The clear establishment of responsibilities and holding
people accountable are essential

RESPONSIBILITIES – should be clearly defined




Policy and procedure manuals
Job descriptions that establish clear lines of authority and
responsibilities
Remember – authority and responsibility go hand in hand
ACCOUNTABILITY – is a must if people are to adhere to
the rules and perform their duties responsibly



Performance feedback – formal ratings at regular intervals
An work environment that communicates expectations and
demands ethical conduct
An effective disciplinary system
Integrity - Service - Excellence
Proper Documentation

The clear establishment of responsibilities and holding
people accountable are essential

RESPONSIBILITIES – should be clearly defined




Policy and procedure manuals
Job descriptions that establish clear lines of authority and
responsibilities
Remember – authority and responsibility go hand in hand
ACCOUNTABILITY – is a must if people are to adhere to
the rules and perform their duties responsibly



Performance feedback – formal ratings at regular intervals
An work environment that communicates expectations and
demands ethical conduct
An effective disciplinary system
Integrity - Service - Excellence
Physical Security

Properly designed control systems are
based on six basic principles::
 segregation of duties
 establishment of responsibility and
accountability
 proper documentation of transactions
 physical and mechanical security devices
 independent internal verification
 other controls
Integrity - Service - Excellence
Independent Internal Verification

Properly designed control systems are
based on six basic principles::
 segregation of duties
 establishment of responsibility and
accountability
 proper documentation of transactions
 physical and mechanical security devices
 independent internal verification
 other controls
Integrity - Service - Excellence
Other Controls
 Good
internal control absolutely,
positively, begins at the top –
management sets the tone
 The best designed system of IC is
useless if not implemented
 The more strictly the IC structure is
adhered to the better
 If it doesn't work – change it
 If you don’t need it – eliminate it
Integrity - Service - Excellence
Evaluation of Internal Controls
 Periodic review
and assessment is
required
 Is the internal control system:

Working as designed?
 Accomplishing the intended goals?
 Given
changes in mission, staffing,
policy, or business conditions, is the
IC system still effective?
Integrity - Service - Excellence
Limitations of Internal Controls
 Prevalence
of fraud
 Benefits of effective ICs
 Internal control design
 Implementation
 Evaluation of internal controls
 Limitations of internal controls
 Summary
Integrity - Service - Excellence
Summary
 Fraud
is common & costly
 ICs are the key to prevention
 Design must be specific
 Implementation is everything
 Constant evaluation needed
 IC can’t prevent all fraud
Integrity - Service - Excellence
Questions/Comments?
Fraud Related Internal
Controls
10 Minute Break
Lunch
Integrity - Service - Excellence